seems OK to me currently
nihilist
sorry for the late reply but yes, in a decentralised exchange you are revealing your info to an other peer, rather than to a centralised exchange (or subphoneable entity), that makes a huge difference
Hi, you no longer need to go through any other crypto nor any centralised exchange to get your monero. just transact P2P, fiat to monero directly, on the Haveno reto decentralised exchange https://haveno-reto.com/ i wrote guides on how to use it. Centralised exchanges may force you to KYC yourself, so screw them.
there's also xmrbazaar.com too in the earn XMR section
small detail, centralised exchanges know how much monero went through them. for that particular account. If you KYC'd there, they know how much monero YOU bought or sold on their platform
they discard the decoys when they're given the transactions of interest, this lets them know that this transaction they saw on their node actually comes from that subphoenable entity (centralised exchange), from there they have the list of transactions that went through and they can rule out the dandelion decoys. but otherwise they can't.
I also mentionned that they are looking at the fee structure on their malicious nodes, hence my recommendation to use the default fees. not sure if they're actually using the rest. (number of inputs and outputs ?)
if you run your own node, it means that the adversary needs to come and ask you directly to give you the details of who connected to the node. and if you keep Tor in between you and your own node, you're maintaining anonymity aswell.
if others find your (remote) node its not changing anything, you're making it available for them to use monero
but still they should run their own monero node to keep decentralizing further
my pleasure ;) (if i missed anything, feel free to let me know btw)
by the way, check out my blogpost on that topic https://blog.nowhere.moe/opsec/chainalysisattempts/index.html, with my opsec recommendations
TLDW :
- do not trust random nodes, go and host your own (locally or not) -> to prevent them from logging ip addresses and to deanonymize on the IP level (attacking dandelion from what i understand ?)
- if you do end up using a remote node, connect to it through tor to maintain anonymity
- Stay off centralised exchanges, never KYC.
Nah that's easy too. you need to make sure the developers use PGP keys to confirm their identity. https://blog.nowhere.moe/opsec/pgp/index.html + https://blog.nowhere.moe/opsec/whonixqemuvms/index.html
but yeah the idea is to have a Disaster recovery plan, kind of idea, totally makes sense.
it's not complicated, make sure that anonymity is maintained for all developers (like they do all their work from inside a whonix VM let's say), and that you have copies of all the important monero mirrors somewhere (on a gitea instance accessible via .onion or something similar), in case if monero gets the tornadocash treatment.
that way they can't go after the developers' freedom of speech, and even if they take the repositories down from github, the show can go on elsewhere.
i'll pitch in to advise people if opsec is brought up
good news that it's already available: https://haveno-reto Decentralised Exchange P2P fiat to monero directly. I wrote some tutorials on how to use it, if you need help on that